HIPAA has strict regulations regarding the storage of medical records. Whether the information is stored electronically or on paper, the sensitive nature of the data requires a high level of security. Doctors, practice managers, and storage professionals work hard to design secure space-efficient user-friendly records storage to comply with HIPAA regs. HIPAA’s security requirements extend to the disposal of patient records, too, specifying shredding and deletion procedures that must be followed for a medical practice to remain in compliance.
With such comprehensive regulations in place, NBC’s Lex18.com report on dumped medical records in Lexington, Kentucky, came as quite a surprise. It revealed a disturbing lapse in compliance by a local healthcare provider, compromising the privacy of thousands of patients. The investigation is ongoing, but the incident reinforces the need for healthcare providers to have a clear plan of action for both the storage and the disposal of medical records. A dumpster is no place for patient information.
Photo © thinglass – Fotolia